Apple Boosts iCloud Security With Two-Step Verification

Apple has started to implement two-step verification, boosting security for its iTunes, App Store and iCloud services - making them more difficult to hack.

Apple has taken measures to strengthen security for its users. (Credit: Reuters)

Already an option for users of Google's Gmail service, two-step verification requires users to enter their existing password along with a randomly generated four-digit PIN sent to their smartphone before being able to access their accounts from any computer other than theirs.

As with Gmail, Apple's two-factor authentication system is an option which users will have to enable through the Settings menu rather than something which is the default setting.

The process is designed to stop accounts from being hacked, as access can only be granted to previously used and trusted devices, while logging in from a new device - or that of a potential hacker - is only possible after entering the password and PIN.

Tie a mobile phone to your Apple ID and whenever access to your account is attempted from a computer or mobile device that doesn't belong to you, a text message with a PIN will be sent to your phone, which needs to be entered before access to the account is granted.

This means that a hacker would need your account password and access to your mobile phone before being able to log into your account.

Verification

Apple explains: "When you set up two-step verification, you register one or more trusted devices. A trusted device is a device you control that can receive 4-digit codes using either Find My iPhone notifications or SMS to verify your identity.

"Then, any time you sign in to manage your Apple ID at My Apple ID or make an iTunes, App Store, or iBookstore purchase from a new device, you will need to enter both your password and a 4-digit verification code."

If you lose your trusted device or the battery is dead you can still access your account with your password and a separate 14-digit recovery key, which Apple suggests you print out and keep somewhere safe, away from your computer and mobile device.

Two-step verification does away with the need for remembering security questions, although Apple requires two to be answered before the two-step security can be activated.

Two-step verification would have sent a PIN to Honan's iPhone or iPad, which the hacker would have needed to change his Apple ID password, but in this case security errors by Amazon were also to blame.

Apple is offering the extra security in the US, UK, Ireland, Australia and New Zealand for now, with more countries to be added soon.

The bulked-up security comes just a day after the BBC's Weather, Arabic and Radio Ulster Twitter accounts were hijacked by a group called the Syrian Electronic Army. If Twitter had two-step verification then these hacks would not have been possible, but as it stands Twitter accounts can be accessed by anyone who knows the password.

Last month a job posting revealed that Twitter is looking for a new software engineer who will be hired to "design and develop user-facing security features, such as multifactor authentication and fraudulent login detection."

On 1 February Twitter announced that it had been the victim of a cyber attack in which 250,000 account passwords were compromised. Passwords for the affected accounts were reset by Twitter and emails were sent to users prompting them to create a new password.